6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
An update that solves three vulnerabilities and has 41
fixes is now available.
Description:
This update for libzypp and libsolv fixes the following issues:
Security issues fixed:
Fixed bugs and enhancements:
/memfd:
pseudo files (bsc#1123843).SYSTEMD_OFFLINE=1
during chrooted commitsThis update for zypper 1.14.27 fixes the following issues:
bash-completion: add package completion for addlock (bsc#1047962)
bash-completion: fix incorrect detection of command names (bsc#1049826)
Offer to change the ‘runSearchPackages’ config option at the prompt
(bsc#1119373, FATE#325599)
Prompt: provide a ‘yes/no/always/never’ prompt.
Prompt: support “#NUM” as answer to select the NUMth option…
Augeas: enable writing back changed option values (to ~/.zypper.conf)
removelocale: fix segfault
Move needs-restarting command to subpackage (fixes #254)
Allow empty string as argument (bsc#1125415)
Provide a way to delete cache for volatile repositories (bsc#1053177)
Adapt to boost-1.69 requiring explicit casts tribool->bool (fixes #255)
Show support status in info if not unknown (bsc#764147)
Fix installing plain rpm files with zypper in
(bsc#1124897)
Show only required info in the summary in quiet mode (bsc#993025)
Stay with legacy behavior and return ZYPPER_EXIT_INF_REBOOT_NEEDED
only for patches. We don’t extend this return code to packages, although
they may also carry the ‘reboot-needed’ attribute. The preferred way to
test whether the system needs to be rebooted is zypper needs-rebooting
. (openSUSE/zypper#237)
Skip repository on error (bsc#1123967)
New commands for locale management: locales addlocale removelocale
Inspect and manipulate the systems requested locales
, aka. the
languages software packages should try support by installing
translations, dictionaries and tools, as far as they are available.
Don’t throw, just warn if options are repeated (bsc#1123865)
Fix detection whether stdout is a tty (happened too late)
Fix broken --plus-content switch (fixes bsc#1123681)
Fix broken --replacefiles switch (fixes bsc#1123137)
Extend zypper source-install (fixes bsc#663358)
Fix inconsistent results for search (bsc#1119873)
Show reboot hint in zypper ps and summary (fixes bsc#1120263)
Improve handling of partially locked packages (bsc#1113296)
Fix wrong default values in help text (bsc#1121611)
Fixed broken argument parsing for --reposd-dir (bsc#1122062)
Fix wrong zypp::indeterminate use (bsc#1120463)
CLI parser: fix broken initialization enforcing ‘select by name’
(bsc#1119820)
zypper.conf: [commit] autoAgreeWithLicenses {=false} (fixes #220)
locks: Fix printing of versioned locks (bsc#1112911)
locks: create and write versioned locks correctly (bsc#1112911)
patch: --with update may implicitly assume --with-optional (bsc#1102261)
no-recommends: Nevertheless consider resolver namespaces (hardware,
language,…supporting packages) (FATE#325513)
Optionally run “zypper search-packages” after “search” (FATE#325599)
zypper.conf: Add [search]runSearchPackages config variable.
Don’t iterate twice on --no-cd (bsc#1111319)
zypper-log: Make it Python 3 compatible
man: mention /etc/zypp/needreboot config file (fate#326451, fixes #140)
Add needs-restarting
shell script and manpage (fate#326451)
Add zypper needs-rebooting command (fate#326451)
Introduce new zypper command framefork. Migrated commands so far:
addlock addrepo addservice clean cleanlocks modifyrepo modifyservice ps
refresh refresh-services removelock removerepo removeservice renamerepo
repos services
MediaChangeReport: fix https URLs causing 2 prompts on error
(bsc#1110542)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1927=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.0 | i586 | < - openSUSE Leap 15.0 (i586 x86_64): | - openSUSE Leap 15.0 (i586 x86_64):.i586.rpm | |
openSUSE Leap | 15.0 | x86_64 | < - openSUSE Leap 15.0 (i586 x86_64): | - openSUSE Leap 15.0 (i586 x86_64):.x86_64.rpm | |
openSUSE Leap | 15.0 | x86_64 | < - openSUSE Leap 15.0 (x86_64): | - openSUSE Leap 15.0 (x86_64):.x86_64.rpm | |
openSUSE Leap | 15.0 | noarch | < - openSUSE Leap 15.0 (noarch): | - openSUSE Leap 15.0 (noarch):.noarch.rpm |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P